Password Management – Or Post Its?

Back in July we wrote a review of our experiences with LastPass, a popular password management program. For the record, I am still using it, and still liking it, although there is no way I would use a password manager without some form of two-factor authentication, such as Google Authenticator. For some people, this is going to be too much.

There was an amusing report on Sophos recently about password usage and password management that you might enjoy, but there were some salient takeaways. Most of us are very bad at password management, and use some form of “sticky note” system or other written log. According to Dashlane, another password manager company, here’s what we are doing:

  • 62% of us keep passwords memorized, which is great until you forget them
  • 30% of us keep a written list on paper, or a collection of post-its.
  • 20% of us use a password manager program.
  • 13% use a shared spreadsheet, which is super frightening, because a shared secret is not a secret.
  • 8% reuse the same password for everything or nearly everything that requires one.  Here a single lost password is a total loss.
  • 7% use email, texting or instant messaging to send password information to another person.

And speaking of sharing passwords with other people, the numbers reported were just as discouraging.

  • 67% of respondents aged 16-24 said they’ve shared passwords.
  • 59% of those in the age bracket of 25-34 have shared passwords.
  • 52% of those between 35 and 44 years old.
  • 46% of those between 45 and 54.

So evidently with age comes wisdom, or maybe after you’ve been burned a time or two by a trusted friend, family member, or coworker, you learn to keep this information to yourself. A good password manager can help you with this, and once you get over the installation, it becomes pretty easy to manage this way.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
